In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode
ath11k_hal_srng_* should be used with srng->lock to protect srng data.
For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx(), they use ath11k_hal_srng_* many times but never call srng->lock.
So when running (full) monitor mode, a warning will occur:

RIP: 0010:ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]
Call Trace:
 ? ath11k_hal_srng_dst_peek+0x18/0x30 [ath11k]
 ath11k_dp_rx_process_mon_status+0xc45/0x1190 [ath11k]
 ? idr_alloc_u32+0x97/0xd0
 ath11k_dp_rx_process_mon_rings+0x32a/0x550 [ath11k]
 ath11k_dp_service_srng+0x289/0x5a0 [ath11k]
 ath11k_pcic_ext_grp_napi_poll+0x30/0xd0 [ath11k]
 __napi_poll+0x30/0x1f0
 net_rx_action+0x198/0x320
 __do_softirq+0xdd/0x319
So add srng->lock for them to avoid such warnings.
In order to fetch srng->lock, srng's definition should be changed from 'void' to 'struct hal_srng'. And initialize them elsewhere to prevent one line of code from being too long. This is consistent with other ring process functions, such as ath11k_dp_process_rx().
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
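The locking rule the commit message describes, shown as an added userspace model rather than the driver's own code: a small destination ring whose peek/next accessors check that the caller holds the ring lock, a caller that walks the ring without taking the lock (the pre-fix shape of the monitor-mode paths) and a caller that wraps the whole walk in the lock (the fixed shape). The model assumes the real accessors assert lock ownership with a lockdep-style check, which is what turns a missing lock into a warning in the trace rather than silent ring corruption; the commit message does not state that, and every model_* / process_mon_ring_* / run_scenario name below is hypothetical. The three descriptor words are constructed sample input, not hardware data.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of a HAL destination ring (added example, not ath11k code):
 * head is the consumer index, tail the producer index, lock stands in for
 * srng->lock and held models what lockdep tracks for lockdep_assert_held(). */
#define MODEL_RING_ENTRIES 8

struct model_srng {
	uint32_t ring[MODEL_RING_ENTRIES];
	unsigned int head;
	unsigned int tail;
	atomic_flag lock;
	bool held;
	unsigned int lockdep_warnings;
};

/* Stand-in for lockdep_assert_held(&srng->lock): warn and count, do not stop. */
#define model_assert_held(srng) do { if (!(srng)->held) { (srng)->lockdep_warnings++; \
	fprintf(stderr, "WARNING: %s called without srng->lock held\n", __func__); } } while (0)

/* Reset the ring and let the "producer" post n constructed descriptor words. */
static void model_srng_init(struct model_srng *srng, const uint32_t *descs, size_t n)
{
	*srng = (struct model_srng){ .lock = ATOMIC_FLAG_INIT };
	for (size_t i = 0; i < n && i < MODEL_RING_ENTRIES; i++)
		srng->ring[srng->tail++] = descs[i];
}

static void model_srng_lock(struct model_srng *srng)
{
	while (atomic_flag_test_and_set(&srng->lock))
		;                         /* spin, like spin_lock_bh(&srng->lock) */
	srng->held = true;
}

static void model_srng_unlock(struct model_srng *srng)
{
	srng->held = false;
	atomic_flag_clear(&srng->lock);
}

/* dst_peek-style accessor: next descriptor without consuming it, NULL if empty. */
static uint32_t *model_srng_dst_peek(struct model_srng *srng)
{
	model_assert_held(srng);
	return srng->head == srng->tail ? NULL : &srng->ring[srng->head];
}

/* dst_get_next_entry-style accessor: consume and return the head descriptor. */
static uint32_t *model_srng_dst_get_next_entry(struct model_srng *srng)
{
	model_assert_held(srng);
	return srng->head == srng->tail ? NULL : &srng->ring[srng->head++];
}

/* Descriptor walk shared by both callers; returns the number consumed. */
static unsigned int drain_ring(struct model_srng *srng, uint32_t *out, size_t out_len)
{
	unsigned int consumed = 0;
	while (consumed < out_len && model_srng_dst_peek(srng))
		out[consumed++] = *model_srng_dst_get_next_entry(srng);
	return consumed;
}

/* Before the fix: the accessors run with no lock, so every call trips the check. */
unsigned int process_mon_ring_unlocked(struct model_srng *srng, uint32_t *out, size_t out_len)
{
	return drain_ring(srng, out, out_len);
}

/* After the fix: the whole walk is wrapped in srng->lock, as the patch does. */
unsigned int process_mon_ring_locked(struct model_srng *srng, uint32_t *out, size_t out_len)
{
	model_srng_lock(srng);
	unsigned int consumed = drain_ring(srng, out, out_len);
	model_srng_unlock(srng);
	return consumed;
}

/* Run one scenario on a fresh ring of three constructed descriptors (not captured
 * from hardware); returns the warning count and stores the consumed count. */
unsigned int run_scenario(bool locked, unsigned int *consumed_out)
{
	static const uint32_t sample[] = { 0xa0000001, 0xa0000002, 0xa0000003 };
	struct model_srng srng;
	uint32_t out[MODEL_RING_ENTRIES];

	model_srng_init(&srng, sample, 3);
	*consumed_out = locked ? process_mon_ring_locked(&srng, out, MODEL_RING_ENTRIES)
			       : process_mon_ring_unlocked(&srng, out, MODEL_RING_ENTRIES);
	return srng.lockdep_warnings;
}
```

Calling run_scenario(false, &n) drains all three descriptors but fires the held-check seven times (four peeks, including the final empty one, plus three next-entry calls), which is the one-warning-per-accessor behaviour the trace above shows at ath11k_hal_srng_dst_peek; run_scenario(true, &n) drains the same three with no warning. The lock is taken once around the whole walk rather than per accessor call because the ring indices must not move between peek and next-entry, which is why the fix wraps the loop and not the individual ath11k_hal_srng_* calls.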